CVE-2026-10727 HIGH

CVE-2026-10727

Weakness CWE-78

Published June 9, 2026

Last update June 10, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

Key dates

02Disclosure timeline

June 9, 2026 CVE published

June 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-10727

Related vulnerabilities

04Related CVE

CVE-2025-6897 D-Link DI-7300G+ httpd_debug.asp os command injection CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution CVE-2026-30818 OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53 CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution CVE-2022-33205